The UK Information Commissioner’s Office (ICO) has released a report outlining the key issues presented by big data and the compliance considerations it poses.
"Big Data and Data Protection," released on 28 July, sets out the opportunities that big data presents to organisations whilst emphasising that although the core principles of UK data protection law must still be observed, they should not be seen as a barrier to industry innovation. The ICO specifically rejects the notion that the data protection principles are not fit for purpose in the context of big data.
The ICO identifies big data as an innovative and enhanced form of information processing in order to obtain value and insight and suggests key areas that organisations should address when considering big data analytics.
This includes anonymisation, which, if done correctly, means the information being analysed may no longer be considered as personal data and may therefore fall outside the scope of the UK Data Protection Act. Other areas highlighted include the need to consider the use of Privacy Impact Assessments (PIAs) to understand how the processing will affect the people concerned, particularly as PIAs are set to become a key component of the forthcoming EU Data Protection Regulation; "repurposing" data and whether such purposes are incompatible with the original purpose for which the data was collected, in which case organisations may need to get individual consent for the new use; data minimisation, whereby big data should not be seen as an excuse for stockpiling data and long-term use must be justifiable, and finally, being as transparent as possible to individuals about the purposes, implications and benefits of big data.
Finally, the ICO emphasises the importance of "subject access" and designing systems that enable people to exercise their right under data protection law to see the data that organisations are processing about them.
The ICO acknowledges that this area is fast-evolving and its guidance is therefore likely to be subject to amendments and improvements. It therefore welcomes feedback on how this can be done. A copy of the guidance is available here.